Privacy Policy
Last updated: July 11, 2026
The short version: your health data stays on your phone. Here's the full version, in plain English.
- Your health data — profile, meals, supplements, logs — stays on your phone in a local database. No account or login required.
- Meal and supplement-label photos are sent to our AI provider only to analyze them — they are not stored on our servers.
- Optional community features store only what you choose to share. Your health logs are never synced to a server.
- No ads, no trackers, no selling your data.
What Tavita is
Tavita is a nutrition and calorie tracker that also helps you organize the timing of supplements and medicines you already take. It is not a medical device, and it does not diagnose, treat, or provide medical advice — see our Terms of Service for the full picture.
This policy explains what data Tavita collects, what stays on your phone, what occasionally leaves it (and why), and the choices you have. We wrote it to actually be read, so it's longer on plain explanation than on legal boilerplate.
Data stored on your device
Tavita doesn't require an account or a login. When you use the core app, your data lives in a local database and local storage on your phone — it never touches a Tavita server. That includes:
- Your profile: name, age, sex, body metrics, weight goal, health goals, diet type and allergens, wake/sleep and meal times, alcohol/smoking/caffeine habits, exercise level, pregnancy status, medical conditions, and blood pressure, if you choose to enter them.
- Your supplements, medicines, and the schedules you build for them.
- Meal logs, nutrient totals, and hydration, caffeine, and alcohol logs.
- Sleep, weight, blood pressure, and activity logs you enter or sync.
- Wellness and menstrual tracking, if you use it.
- Progress photos, streaks, and badges.
You can export this data (as JSON or PDF) or delete it entirely from inside the app at any time. If you delete the app itself, this data is deleted with it — there is no server-side copy to clean up, because there isn't one.
Tavita also supports an optional app lock: a PIN, or Face ID / fingerprint. Biometric data is handled entirely by your phone's operating system — Tavita never sees or stores it, and it never leaves your device.
Data that leaves your device
Tavita is built to be private by design, and most of what you enter never leaves your phone. But a few features genuinely need to talk to a server to work. Here is every one of them, what's sent, and why.
1. AI photo analysis
When you photograph a meal, or a supplement or medicine label, that photo (and related text, like the supplement name) is sent over an encrypted connection to Tavita's own proxy server, which forwards it to Anthropic's Claude API for analysis. The results come back to your device. Our proxy uses the photo only to produce that analysis and does not store it. Anthropic processes the photo as our AI provider, under its own API terms. Tavita also uses Claude for text-only AI features, like reasoning about your schedule or generating a weekly insight — those requests contain the relevant schedule or log data, not your full profile.
2. Public database lookups
When you look up a food, supplement, or drug, Tavita queries public reference databases — the NIH Dietary Supplement Label Database (DSLD), RxNorm, openFDA, USDA FoodData Central, and Open Food Facts. These queries contain only the food, supplement, or drug name (or a barcode) — never your identity, profile, or health data.
3. Interaction checking
Interaction checking between the supplements and medicines you track uses the DDInter database, which ships inside the app itself. These checks run entirely on your device — nothing about your stack or your interaction results is sent anywhere.
4. Purchases
Subscriptions are billed by the Apple App Store or Google Play, not by Tavita — we never see your card details. Purchases are processed through RevenueCat, our subscription infrastructure provider, which receives your purchase receipt, entitlement status, and an anonymous app user ID. If you apply a creator or affiliate code, that code is attached to your subscriber record so the creator gets credit.
5. Optional community features
Friends, challenges, leaderboards, shared "stacks," the activity feed, feature voting, and referrals are all opt-in. If you turn any of these on, a username you choose, a lightweight account ID, your friend connections, shared stacks, challenge and leaderboard entries, activity-feed posts, feature votes, and a push-notification token are stored on Tavita's backend (Supabase). Push notifications between users are delivered through Expo's push notification service. You choose what to share here — your private health logs are never synced to this backend, opted in or not.
6. Health platform data (Apple Health / Health Connect)
If you connect Apple Health or Health Connect, see the dedicated section below — Health platform data — for exactly what that involves and the commitments we make around it.
Health platform data
Connecting Apple Health or Health Connect is optional and requires your explicit permission through your phone's own permission dialog. When connected, Tavita reads sleep and workout / active-calorie data to help inform your supplement schedule, and may write supplement-intake records back to Apple Health so your other health apps can see them.
Health data obtained through HealthKit or Health Connect is used solely to provide Tavita's health and scheduling features. It stays on your device. It is never used for advertising or marketing, never sold, and never shared with third parties or data brokers.
What we never do
- We don't sell your data, to anyone, ever.
- We don't run ads or work with ad networks in the app.
- We don't build advertising or marketing profiles from your health data.
- We don't use analytics SDKs, ad trackers, or crash-reporting SDKs in the app.
- This website doesn't use cookies, analytics, or trackers either — it's a static site.
Your choices & rights
Because most of your data lives only on your device, you're already in control of nearly all of it: you can export it, edit it, or delete it from inside the app whenever you like, and deleting the app deletes it for good.
For the smaller amount of data Tavita or its processors do hold — community data, purchase records, or logs generated by an AI request — you can:
- Ask what we hold and request a copy, by emailing support@tavita.app.
- Delete your community account and its data from inside the app's settings, or by emailing us.
- Turn off optional features (community, Health Connect / Apple Health) at any time — turning one off stops future data flow for that feature.
Some of our infrastructure providers (Anthropic, RevenueCat, Supabase, Expo, Vercel) are based in the United States, so data processed through those features may be transferred to and processed in the US.
Security
All network requests Tavita makes — to our proxy, to public databases, to Apple/Google, or to our backend — go over HTTPS. On-device data is protected by your phone's own storage security and, if you enable it, an app-level PIN or biometric lock (Face ID or fingerprint), which your operating system handles directly.
No method of transmission or storage is perfectly secure, but because the vast majority of your data never leaves your device in the first place, there's very little for a server-side breach to expose.
Children
Tavita is not directed at children under 13, and its health-tracking features are intended for adults. If you're between 13 and 17, please use Tavita with a parent or guardian's guidance, particularly around health and medication information.
Changes to this policy
If we change what data we collect or how we use it, we'll update this page and change the "last updated" date above. For a material change, we'll do our best to flag it inside the app as well.
Contact
Questions about this policy or your data? Email support@tavita.appand we'll get back to you.
Data sources & attributions
Tavita relies on the following public databases, licensed data, and infrastructure providers:
- NIH Dietary Supplement Label Database (DSLD) — supplement label data, maintained by the National Institutes of Health. DSLD covers products sold in the United States; coverage of non-US products may be limited or estimated by our AI features instead.
- RxNorm, courtesy of the U.S. National Library of Medicine (NLM), National Institutes of Health, Department of Health and Human Services. NLM is not responsible for Tavita and does not endorse or recommend it or any other product.
- openFDA— drug label data from the U.S. Food and Drug Administration's public API. openFDA data is not validated for clinical use, and its use here does not represent an endorsement by the FDA.
- USDA FoodData Central — food and nutrient data from the U.S. Department of Agriculture.
- Open Food Facts — packaged-food product data from the Open Food Facts collaborative database, licensed under the Open Database License (ODbL).
- DDInter — a curated drug-drug interaction database, queried entirely on-device for interaction checking.
- Anthropic Claude— powers Tavita's AI photo analysis and text-based AI features.
- Google Gemini — used to generate the illustrations on this website and in the Tavita app.
Purchases, backend, notifications, and hosting are handled by RevenueCat (subscriptions), Supabase (optional community backend), Expo (push notifications), and Vercel (our AI proxy and this website) — each acting as a data processor for the specific feature described above.